palo alto networks pcsae practice test

Palo Alto Networks Certified Security Automation Engineer

Last exam update: Dec 14 ,2024
Page 1 out of 5. Viewing questions 1-15 out of 84

Question 1

Which three statements are true about the Marketplace? (Choose three.)

  • A. Allows reverting back to a previous version of a content pack
  • B. Enables users to participate in the community by sharing content
  • C. Publishes content without additional review from the Cortex XSOAR team
  • D. Allows uploading of content in additional languages
  • E. Offers granularity in installation through content packs
Answer:

B C D

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 2

In which two ways can data be transferred between playbooks and sub-playbooks? (Choose two.)

  • A. Inputs and outputs
  • B. Through integration context
  • C. Automatically extracted by sub-playbooks
  • D. From context data, if context is shared globally
Answer:

A D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

Which three scripting languages can an engineer use to write XSOAR automations? (Choose three.)

  • A. Python
  • B. Perl
  • C. Go
  • D. JavaScript
  • E. Powershell
Answer:

A D E


Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/playbooks/automations.html

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 4

An engineers organization system is registered in the following manner: . The engineer created a new indicator type for
detecting systems using regex. The engineer would now like the username to be created as a separate User indicator
automatically once a system is found.
What is the most efficient way for the engineer to achieve this?

  • A. Create a custom indicator field named ‘username’ and link it to the internal system indicator
  • B. Change the reputation command for the internal system indicator type
  • C. Create a new indicator type of the internal username and set a formatting script to extract only the username
  • D. Create a new indicator type of the internal username and have the regex included on any string that has dash at the beginning
Answer:

B


Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-threat-intel-management-guide/manage-
indicators/understand-indicators/indicator-types/indicator-type-profile

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

An engineer would like to add a custom field to the New Job form for a job triggered from a threat intel feed.
How would the engineer implement this?

  • A. The new job form changes based on the threat intel feed integration configuration
  • B. The new job form can be edited from the Indicator Feed incident type editor
  • C. The new job form for a threat intel feed job cannot be edited
  • D. The new job form can be edited from the threat intel feeds integration settings
Answer:

B


Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-threat-intel-management-guide/manage-
indicators/understand-indicators/create-a-feed-based-job.html

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

Which two statements describe how timers are configured to start and stop automatically in a playbook? (Choose two.)

  • A. Use a field of Number to count the number of seconds elapsed between two tasks
  • B. After the playbook has run, calculate the total time taken and set the timer field with this value
  • C. To begin counting time taken, add a task in the playbook with automation startTimer. To end the counting, add a task with automation stopTimer
  • D. From the Timers tab of the playbook task, choose the action for the timer and the timer field to perform the action on
Answer:

B D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

Which three actions can an engineer take on the troubleshooting page? (Choose three.)

  • A. Download the debug log bundle
  • B. Put the XSOAR server in maintenance mode
  • C. View and modify server configuration settings
  • D. Export and import custom content
  • E. View a list of server administrators
Answer:

A B C

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 8

Which two statements accurately describe layouts? (Choose two.)

  • A. Layouts override classification and mapping
  • B. New tabs can be added to the incident layout
  • C. Layouts can display incident information and custom fields
  • D. Layouts add or remove custom fields from an incident type
Answer:

B C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

What are two common use cases for conditional tasks? (Choose two.)

  • A. They are used for branching paths in a playbook
  • B. They are used to interact with users through survey functionality
  • C. They are used to determine which incident will be executed
  • D. They are used for sending a specific question to a person or team
Answer:

A C


Explanation:
Reference: https://docs-new.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoar-admin/cortex-xsoar-overview/use-
cases.html#id7b31e50b-5aca-4d65-bdb5-ba61b4eac0b4

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

An engineer would like to change an incidents SLA according to the severity field changes.
How can the engineer achieve this task?

  • A. Use a field trigger script
  • B. Use a field display script
  • C. Create a job that queries for incident severity changes
  • D. Change the SLA manually every time the severity changes
Answer:

B


Explanation:
Reference: https://xsoar.pan.dev/docs/incidents/incident-fields

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11

By default, which components does an XSOAR implementation include?

  • A. XSOAR server, XSOAR engine
  • B. Application server, distributed DB server
  • C. Application server, distributed DB server, Backup server
  • D. All in one server
Answer:

B


Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/installation/install-demisto-on-a-
physical-or-virtual-server.html

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12

DRAG DROP
Arrange these steps in the order that they occur during an incident fetch.
Select and Place:

Answer:


Discussions
0 / 1000

Question 13

In which two options can an automation script be executed? (Choose two.)

  • A. Engine
  • B. Integration
  • C. War room
  • D. Playbook
Answer:

C D


Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/playbooks/automations.html

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 14

By default, automation written in which language will be executed in a Docker container?

  • A. Python
  • B. Go
  • C. JavaScript
  • D. Perl
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15

What can be used as integration parameters?

  • A. URL, API key, port
  • B. URL, certificate, image
  • C. Token, query, playbook
  • D. User-password, csv file, query
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2